Shostack + Friends Blog Archive


Source, Data or Methodology: Pick at least one

In the “things you don’t want said of your work” department, Ars Technica finds these gems in a GAO report:

This estimate was contained in a 2002 FBI press release, but FBI officials told us that it has no record of source data or methodology for generating the estimate and that it cannot be corroborated…when we contacted FTC officials to substantiate the estimate, they were unable to locate any record or source of this estimate within its reports or archives, and officials could not recall the agency ever developing or using this estimate.(“US government finally admits most piracy estimates are bogus,” Ars Technica)

Of course, no one in information security would ever do such a thing.

One comment on "Source, Data or Methodology: Pick at least one"

  • Cormac Herley says:

    Yet, it’s a safe prediction that the estimate will be quoted and live on long after the admission of bogosity is forgotten. Slate had a great article on mythical numbers a few years back:

    To get a mythical number going merely requires that the people who want the number to be high, are stronger/louder than the people who want it to be low. There’s seldom many people with an interest in having it be accurate.

Comments are closed.